CVE-2024-0763

8.1 HIGH

📋 TL;DR

CVE-2024-0763 is a path traversal vulnerability in Anything-LLM that allows authenticated users to delete arbitrary folders recursively on the server. This affects all users of vulnerable versions who have any level of access to the system, as the endpoint requires authorization but doesn't properly validate file paths.

💻 Affected Systems

Products:
  • Anything-LLM
Versions: prior to commit 8a7324d0e77a15186e1ad5e5119fca4fb224c39c
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments where the vulnerable endpoint is accessible to authenticated users.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through deletion of critical system folders, leading to data loss, service disruption, and potential privilege escalation.

🟠 Likely Case

Unauthorized deletion of application data, configuration files, or user uploads causing data loss and service disruption.

🟢 If Mitigated

Limited impact if proper file permissions and access controls restrict damage to non-critical directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 8a7324d0e77a15186e1ad5e5119fca4fb224c39c and later

Vendor Advisory: https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c

Restart Required: Yes

Instructions:

1. Update to the latest version of Anything-LLM.
2. Apply commit 8a7324d0e77a15186e1ad5e5119fca4fb224c39c.
3. Restart the application service.

🔧 Temporary Workarounds

Restrict endpoint access (platform: all)

Temporarily disable or restrict access to the vulnerable folder deletion endpoint.

# Configure web server/application firewall to block DELETE requests to vulnerable endpoint

Implement file permission restrictions (platform: linux)

Set strict file permissions to limit damage from path traversal.

chmod 750 /path/to/application/data
chown root:application /path/to/application/data

🧯 If You Can't Patch

  • Implement strict input validation for all file path parameters
  • Apply principle of least privilege to application service account file permissions

🔍 How to Verify

Check if Vulnerable:

Check whether the deployed checkout predates commit 8a7324d0e77a15186e1ad5e5119fca4fb224c39c (i.e. the fix commit is not yet included in the running version).

Check Version:

git log --oneline -1

Verify Fix Applied:

Verify that commit 8a7324d0e77a15186e1ad5e5119fca4fb224c39c is applied, then test the folder deletion endpoint with traversal input to confirm it is rejected.

📡 Detection & Monitoring

Log Indicators:

  • Multiple DELETE requests with '../' patterns
  • Failed file deletion attempts outside expected directories
  • Unusual folder deletion patterns

Network Indicators:

  • HTTP DELETE requests containing path traversal sequences
  • Unusual volume of file deletion requests

SIEM Query:

source="web_logs" AND method="DELETE" AND (uri="*../*" OR uri="*..\\*")
